summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJason Baron <jbaron@redhat.com>2012-05-02 22:42:10 -0400
committerMichael Roth <mdroth@linux.vnet.ibm.com>2012-06-25 08:55:12 -0500
commitf63e60327b8e239ae97fa71060940ca20a8bf38e (patch)
treea5a79e00244880e48683a5af6297a11ccc292fa5
parentintel-hda: Fix reset of MSI function (diff)
downloadqemu-kvm-f63e60327b8e239ae97fa71060940ca20a8bf38e.tar.gz
qemu-kvm-f63e60327b8e239ae97fa71060940ca20a8bf38e.tar.bz2
qemu-kvm-f63e60327b8e239ae97fa71060940ca20a8bf38e.zip
qdev: release parent properties on dc->init failure
While looking into hot-plugging bridges, I can create a qemu segfault via: $ device_add pci-bridge Bridge chassis not specified. Each bridge is required to be assigned a unique chassis id > 0. ** ERROR:qom/object.c:389:object_delete: assertion failed: (obj->ref == 0) I'm proposing to fix this by adding a call to 'object_unparent()', before the call to qdev_free(). I see there is already a precedent for this usage pattern as seen in qdev_simple_unplug_cb(): /* can be used as ->unplug() callback for the simple cases */ int qdev_simple_unplug_cb(DeviceState *dev) { /* just zap it */ object_unparent(OBJECT(dev)); qdev_free(dev); return 0; } Signed-off-by: Jason Baron <jbaron@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> (cherry picked from commit 266ca11a0433643a3cc3146a9837d9f2b0bfbe3b) Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-rw-r--r--hw/qdev.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/hw/qdev.c b/hw/qdev.c
index 6a8f6bda2..af419b9c1 100644
--- a/hw/qdev.c
+++ b/hw/qdev.c
@@ -150,6 +150,7 @@ int qdev_init(DeviceState *dev)
rc = dc->init(dev);
if (rc < 0) {
+ object_unparent(OBJECT(dev));
qdev_free(dev);
return rc;
}